Security News > 2023 > August > Google unveils stronger cellular security for Android 14
Google has revealed new cellular security mitigations that will be available for users and enterprises on its soon-to-be-released Android 14, and announced a new release schedule for Chrome Stable channel updates.
Even though 2G service has been shut down by most major network carriers, many devices are still able to connect to dwindling 2G cellular networks.
"Stingrays are obscure yet very powerful surveillance and interception tools that have been leveraged in multiple scenarios, ranging from potentially sideloading Pegasus malware into journalist phones to a sophisticated phishing scheme that allegedly impacted hundreds of thousands of users with a single ," Google explained.
With Android 14 set to be released soon, Google will enable IT administrators and users to disable 2G support on managed and personal devices, respectively.
For additional cellular security, Google announced an option that allows users to disable support for cellular null ciphers, which are still commonly used by commercial networks and can expose user voice and SMS traffic to interception.
"Chrome began releasing Stable channel updates every two weeks in 2020, with Chrome 77, as a way to help reduce the patch gap. Before Chrome 77, our patch gap averaged 35 days. Since moving the biweekly release cadence, the patch gap has been reduced to around 15 days. The switch to weekly updates allows us to ship security fixes even faster, and further reduce the patch gap," noted Amy Ressler, senior technical program manager at Chrome Security Team.
News URL
https://www.helpnetsecurity.com/2023/08/09/android-14-cellular-security/
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)